summary refs log tree commit diff
diff options
context:
space:
mode:
authoredef <edef@edef.eu>2020-04-10 16:05:36 +0000
committerGitHub <noreply@github.com>2020-04-10 16:05:36 +0000
commit6fbacea8e57b2afd00e7275d1b1c001b53a06377 (patch)
tree1235346f168c23cdbb9ed9f8f942755547b605cb
parent171eb4ff5f12a4d1e34ef3a3908245874bca4f0b (diff)
parent387b9bf352851c8ec200030f3d4a79c3fac843de (diff)
downloadnixpkgs-6fbacea8e57b2afd00e7275d1b1c001b53a06377.tar
nixpkgs-6fbacea8e57b2afd00e7275d1b1c001b53a06377.tar.gz
nixpkgs-6fbacea8e57b2afd00e7275d1b1c001b53a06377.tar.bz2
nixpkgs-6fbacea8e57b2afd00e7275d1b1c001b53a06377.tar.lz
nixpkgs-6fbacea8e57b2afd00e7275d1b1c001b53a06377.tar.xz
nixpkgs-6fbacea8e57b2afd00e7275d1b1c001b53a06377.tar.zst
nixpkgs-6fbacea8e57b2afd00e7275d1b1c001b53a06377.zip
Merge pull request #84602 from alyssais/ssh
nixos/ssh: don't accept ssh-dss keys
-rw-r--r--nixos/modules/programs/ssh.nix9
1 files changed, 2 insertions, 7 deletions
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix
index 80198990ed1..44e65ee8a9a 100644
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@@ -61,12 +61,9 @@ in
         '';
       };
 
-      # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
       pubkeyAcceptedKeyTypes = mkOption {
         type = types.listOf types.str;
-        default = [
-          "+ssh-dss"
-        ];
+        default = [];
         example = [ "ssh-ed25519" "ssh-rsa" ];
         description = ''
           Specifies the key types that will be used for public key authentication.
@@ -75,9 +72,7 @@ in
 
       hostKeyAlgorithms = mkOption {
         type = types.listOf types.str;
-        default = [
-          "+ssh-dss"
-        ];
+        default = [];
         example = [ "ssh-ed25519" "ssh-rsa" ];
         description = ''
           Specifies the host key algorithms that the client wants to use in order of preference.